PKI Services for z/OS

PKI Services certificates support most of the fields and extensions defined in the X.509 version 3 (X.509v3) standard. This support lets you use these certificates for most cryptographic purposes, such as SSL, IPSEC, VPN, and S/MIME.

PKI Services certificates can include the following types of extensions:

Standard extensions

The standard X.509v3 certificate extensions:

authority key identifier

authority information access

basic constraints

certificate policies

certificate revocation list (CRL) distribution points

extended key usage

key usage

subject alternate name

subject key identifier

Custom extensions

PKI Services supports the use of customized extensions. Any extension can be includes in a certificate that is in the following form:

Other extensions

Extensions that are unique to PKI Services, such as host identity mapping. This extension associates the subject of a certificate with a corresponding identity on a host system, such as with a RACF user ID.